Canadian AI Sovereignty Series

With thanks to Laszlo Lakatos-Hayward

Sovereignty used to be a question about territory. It is now a question about dependency. In AI systems, dependency has at least six distinct shapes. A government can own a system outright and still lose it through infrastructure, supply chain, data, talent, regulation, or interoperability. This series has built that count one observation at a time across fifteen papers. This summer, all six are being tested at once.

A country becomes dependent on an AI system through infrastructure it does not own, through a supply chain it does not control, through data it cannot keep onshore, through talent it cannot retain, through regulation it did not write, and through interoperability it cannot guarantee. Six triggers define what AI sovereignty is predicated on, and have been responsive to rapid changes in geopolitics and tech, operating as a single system and function in many cases. The first four were the original model, the fifth (regulatory) was added when it became clear that compliance obligations travel inside a vendor’s cost structure whether or not a country has passed a law. The sixth (interoperability) is the newest and the hardest to see, because it stays invisible until two sovereign systems try to share a workload and discover they cannot.

What makes these urgent rather than academic is that they are no longer confined to IT. AI is becoming the operational tail of statecraft, the sustainment layer beneath the three things a state does in the world: it conducts diplomacy, it trades, and it defends itself. Each of those three is now downstream of the same rented stack of compute, models, and software. A dependency that opens in the tail propagates forward into all three at once. We walk the framework through each domain, using one defence-side analysis as the illustration that updates the model, and land on Cohere as the worked example of how a single company navigates a world filling up with new safety and privacy law.

The Six-Trigger Framework

The framework is a diagnostic. Point it at any government AI deployment and it asks six questions, each of which can fail independently.

Infrastructure. Does the state control the data centres, compute, and physical substrate the system runs on, or does it rent them? This is the original and most visible trigger, and for most countries the honest answer is that the substrate is rented and broadly American.

Supply chain. Does the state control the path from silicon to model weights to deployed software, or can a link in that chain be cut by an export control, a sanction, or a corporate decision made elsewhere?

Data. Can the state keep the data its systems run on inside its own jurisdiction and its own legal protections, or does the data transit, rest, or get processed somewhere a foreign authority can reach it?

Talent. Can the state retain the people who build, run, and audit these systems, or does the expertise concentrate in a handful of foreign labs that set the terms?

Regulation. Here the model first had to grow. A country can be regulation-dependent even with no foreign infrastructure on its soil, because compliance obligations arrive inside a domestically headquartered vendor’s product. When a vendor builds one platform to satisfy the strictest market it serves, every other customer inherits that market’s standard through the vendor’s cost structure, years ahead of any local law. Regulatory dependency is harder to see than the first four because it ships with a domestic logo on the contract.

Interoperability. This is the sixth and the subtlest. A state can satisfy all five preceding triggers, owning the box, controlling the chain, keeping the data home, retaining the people, writing the rules, and still lose the system the moment it has to operate inside an alliance. If a sovereign Canadian stack cannot share a workload with a sovereign European one, the two are no more interoperable than incompatible ammunition. Control without interoperability is sovereignty that cannot be used jointly, which in a crisis is sovereignty that cannot be used at all.

Laying all six out together shows that they can trade against one another. Maximizing control on the first five can actively destroy the sixth. A country that builds a perfectly sovereign national stack, owned and onshore and home-regulated, has done nothing to guarantee it can interoperate with its allies, and may have made interoperation harder. Sovereignty is not a single dial that turns from low to high. It is the ability to inspect, constrain, replace, contest, and connect a system when it matters. Each verb is a different trigger. Everything else is a logo on the contract.

How Alliances Renegotiate Sovereignty

The sixth trigger surfaced now, rather than in the first paper, because the alliance structure underneath Canada is being renegotiated in real time, and interoperability problems only become visible when the question of who you operate with is itself in motion.

NATO has solved a coordination problem of exactly this shape before. In the decades after its founding, every member fielded its own rifle calibres, its own fuel grades, its own radio protocols. Forces that could not interoperate could not fight together, and the alliance faced a failure mode that had nothing to do with any adversary and everything to do with its own internal incompatibility. The fix was not a single dominant national industry that everyone else bought from. It was a body of Standardization Agreements, the STANAGs, that fixed the interfaces between national industries while leaving the industries national. Compliance with the interface became the price of belonging to the alliance. Hundreds of STANAGs now govern everything from 5.56 millimetre ammunition to fuel additives, and they are the mechanism by which a coalition of sovereign states stays sovereign and stays interoperable at the same time.

This history is the resolution to the trade-off the triggers expose. The STANAG model says interoperability is not the enemy of sovereignty; it is a separate axis that a coalition can standardize without surrendering control. A member keeps its own industry, its own infrastructure, its own jurisdiction, and agrees only on the interfaces where joint operation requires agreement. The lesson for AI is direct: the alliance does not need a single sovereign cloud or a single sovereign model. It needs agreed interfaces so that a workload running on one member’s sovereign stack can move to another’s when an Article 5 contingency demands surge capacity from across the alliance.

The renegotiation matters because the alliance Canada is standardizing toward is shifting. When the partner a country has organized its strategic planning around becomes less predictable, the country has to reattach that planning to a coalition it now has to help build rather than simply join. The interfaces that coalition agrees on are being chosen this year. Get them right and a sovereign Canadian stack stays connectable to a sovereign European one. Get them wrong, or leave them unspecified, and the sixth trigger closes quietly while everyone is congratulating themselves on the first five.

The Illustration: Eaves on the Cloud as Sustainment

The clearest single illustration of the framework operating at the infrastructure layer comes from a defence analysis published in Foreign Policy on June 9. David Eaves, an associate professor of digital government at University College London’s Institute for Innovation and Public Purpose, argues that cloud infrastructure has become the operational tail of modern militaries in the literal logistical sense, the fuel and ammunition and supply lines that let combat forces function, and that this tail has moved from safely behind the lines to directly in the field of fire.

His evidence is a single, compelling operational statistic. During Operation Epic Fury in February, peak daily usage of one Pentagon AI targeting system rose by more than four thousand percent. The Pentagon’s chief digital and AI officer framed the lesson as a question about endurance rather than about the adversary: the fear is no longer the enemy, it is whether the alliance can keep up. A rear-area concern had become a front-line target, reachable through cyberattack, through long-range strikes on data centres, through anti-satellite weapons, and through political pressure on the commercial providers that own most of the relevant infrastructure. An Article 5 conflict would demand enormous compute accessible jointly from anywhere in the alliance, and Eaves’s blunt assessment is that none of that is currently possible.

The same foundation runs the civilian state. The ability to administer benefits, identity, health, immigration, and justice rests on the same rented stack of data centres, compute, and software. The tail of warfare and the tail of statecraft are the same infrastructure, which is why a procurement decision made for civilian efficiency and one made for military resilience are increasingly the same decision filed under different paperwork.

Eaves identifies two pressures on that infrastructure pulling in opposite directions, and they map onto the framework’s central trade-off. The first is political and pushes toward fragmentation. When the International Criminal Court’s lead prosecutor, Karim Khan, was locked out of his Microsoft account in 2025 after United States sanctions, allied governments learned that the digital substrate beneath their states is broadly American and can be switched off. Emmanuel Macron’s formulation became the slogan for the response: there is no such thing as happy vassalage. European capitals have poured money into sovereign stacks and data-residency mandates since, and the European Commission’s tech-sovereignty strategy has hardened the impulse into policy. The second pressure is operational and pushes toward concentration. The compute militaries and governments need at scale runs on three commercial hyperscalers, and building genuine alternatives demands hyperscaler-sized capital and a domestic market large enough to absorb the cost. Eaves is direct that truly autonomous clouds are unworkable for Canada, for Norway, for Portugal, for the Baltic states, for any smaller member.

This vise the framework describes is observed at the infrastructure layer. Fragmentation protects control and destroys interoperability. Concentration preserves capability and surrenders control. A digital-sovereignty doctrine that works for the alliance’s two or three largest members fragments it at the moment it needs unified resilience, and the smaller members get crushed first.

Eaves’s prescription is the STANAG move applied to compute. There is no STANAG for the cloud, and there needs to be one. The place to start is object storage, where Amazon’s S3 interface has become the de facto global standard supported by most commercial providers, every credible open-source implementation, and most national-champion clouds. The alliance can convert that commercial standard into a procurement requirement, capture an immediate gain in workload mobility and price competition, and climb the stack from there.

This analysis updates the framework. It demonstrates that the sixth trigger is not theoretical, because the two leading sovereign candidates this series tracks are already on a path to fail it. Cohere is the Canadian company now anchored to the German government and deploying on Schwarz Group’s STACKIT. Mistral is the European company running its defence work entirely on French infrastructure under AMIAD oversight. Both are building genuine sovereignty. Both, on present evidence, are building it inside their own jurisdictions and architectures. The two most credible answers to the problem of escaping American and Chinese dependence could be assembling two sovereign stacks that do not interoperate with each other, which would reproduce, among the companies meant to solve fragmentation, the fragmentation they exist to solve.

Diplomacy: The Careful Walk

Run the framework through the first domain and the diplomatic picture this summer comes into focus.

Mark Carney spent part of this month in France and Ireland making the case that medium-weight nations should pool their strength rather than compete individually for American attention. The framing deserves precision, because the standard phrasing undersells the argument. The case is not that these are small countries that should huddle together. It is that Europe and Canada combined are, by population, comparable to the United States. The pooled bloc is not a junior partner seeking shelter; it is a peer-scale market that can set standards of its own if it acts as one. That is a different and stronger claim than the language of medium powers usually conveys.

The diplomacy here (and always) is a careful walk. In Europe, Carney makes the case for the bloc and for pooled weight. When he is in Washington, the United States is Canada’s largest and most indispensable partner, which is also true. Both messages are necessary, and holding both at once is not contradiction; it is the actual condition of a middle-power country whose security and prosperity run through more than one capital. The edge Carney has to walk is narrow because both statements are real, and because each audience can read what he says to the other. Diplomacy of this kind is the management of two crucial relationships that pull in different directions, conducted in full view of both.

The framework explains why this walk now runs through AI procurement rather than just through communiqués. Diplomatic alignment used to be expressed in treaties and declarations. It is increasingly expressed in which vendors and which standards a coalition commits to, because those commitments are what actually bind. The Cohere acquisition of Aleph Alpha in April, blessed by both the Canadian and German governments and endorsed at the vice-presidential level through the European Commission’s EuroStack initiative, is Carney’s Europe strategy executed through a procurement channel before the diplomatic version was fully spoken aloud. The reattachment to a coalition is happening in compute and compliance, ahead of the speeches that describe it.

Trade: The File Under Pressure

Now, run the framework through the second domain and the trade picture is one of pressure rather than rupture.

On June 11, Donald Trump said he was not looking to renew the Canada-United States-Mexico Agreement, which moved the most important file in Canadian trade from scheduled review toward political emergency well before the deadline it now appears set to pass. It would be a mistake to write the agreement’s obituary. A statement of disinterest is not a termination, and a position taken this month can be reversed next month; the same volatility that put the file under pressure could lift it again without warning. The best possible reading is not that CUSMA is dead but that it can no longer be assumed, and a trade relationship that cannot be assumed forces a country to diversify the dependencies that sit underneath it.

That is where AI re-enters as the operational tail. Trade depends on far more than tariff schedules; it depends on the digital infrastructure that clears payments, moves logistics data, and runs the regulatory systems on both sides of a border. If the trade relationship is volatile, the dependencies in the tail become strategic vulnerabilities, because a partner who can switch off a cloud account has leverage that no trade agreement constrains. The supply-chain and data triggers move from background risk to foreground concern the moment the trade relationship stops being predictable.

The same procurement-first logic that governs diplomacy governs the regulatory clock on the trade side. On May 7, EU negotiators reached provisional agreement on a Digital Omnibus deferring high-risk obligations for standalone systems to December 2027 and for embedded systems to August 2028. The common reading is that the compliance era has slipped. The reading runs backwards. Because the EU AI Act is non-retroactive, systems deployed before the deadlines may sit permanently outside its oversight, which makes the deferral window a deployment window. Whatever gets installed in European and Canadian governments between now and December 2027 will shape what the formal rules eventually tolerate. The Act’s architecture, its risk classification and documentation and human-oversight duties, is untouched by the delay, and the architecture is the part that travels through vendor cost structures regardless of the enforcement date. The regulation trigger fires through deployment timing, not through statute.

Defence: Standardize the Interface or Fragment

Finally, run the framework through the third domain and the defence picture is the one where the sixth trigger bites hardest.

Carney’s June travels were on the way to the G7 and toward a NATO summit on July 7 and 8, an alliance gathering that will address a digital tail it has not yet learned to standardize. The defence application of the framework is the most direct, because Eaves’s analysis is a defence analysis: an Article 5 contingency requires compute that can be surged and shared across the alliance, and a set of siloed sovereign stacks cannot do that. The interoperability trigger is not a civilian afterthought in the defence domain; it is the whole question. A French defence workload that cannot run on a German cloud is no more useful to the alliance than a French workload trapped on Azure.

NATO’s own federated cloud project, Allied Software for Cloud and Edge Services, is in early acquisition now, and the European Commission’s sovereignty strategy measures control rather than portability and is silent on the interface standards that would let workloads move. That silence is the gap. The window to embed an interoperability standard is the procurement window, and it is open today, which is precisely why the standard can still be set before fragmentation hardens into incompatible national stacks. Cohere’s first-place finish in NATO’s Agentic AI for Cognitive Warfare Innovation Challenge makes the point concrete. The company is no longer only a Canadian sovereign-AI vendor or a German-government partner; it is now being tested in the alliance environment where the sixth trigger matters most. The alliance is buying, testing, and ranking systems now, and what it writes into those contracts will govern whether sovereign members can fight jointly or only separately.

This is the domain where the trade-off in the framework is least forgiving. Maximize control, let every member build its own walled stack, and the alliance loses the ability to operate as one. Maximize concentration, route everyone through the same hyperscalers, and the alliance surrenders control to an increasingly unreliable single actor. The STANAG path is the only route that holds both, and it has to be chosen deliberately at the procurement layer because no treaty is going to mandate it in time.

Cohere: How Software Navigates the New Parameters

The three domains converge on a single company, because Cohere is where the framework becomes a product specification. The world Cohere is selling into is filling up with new law on two fronts at once: digital-safety regimes and privacy regimes are arriving in market after market, each with its own documentation, risk-classification, and data-handling demands. A company that wants to sell sovereign AI to governments has to navigate all of them, and the way it navigates them is the mechanism by which the regulation trigger fires across every customer it serves.

Cohere’s German government relationships and its EU enterprise base oblige it to build its North platform to EU AI Act standards as a commercial necessity. Compliance engineering of that kind is expensive to fork into separate versions, so whatever it builds for Heilbronn ships to Ottawa.

Compliance engineering of that kind is expensive to fork into separate versions, so whatever it builds for Heilbronn ships to Ottawa. EU obligations arrive inside Canadian deployments through a domestically headquartered vendor’s cost structure, years ahead of Canadian legislation, with no Canadian fingerprints on the standard. The companion paper in this series, Triangulated Sovereignty, reduced this to a single instruction: legislate the standard or inherit it. The same logic now extends across every new digital-safety and privacy regime Cohere has to satisfy. Each one it absorbs becomes a standard its other customers inherit, which means the strictest market Cohere serves is quietly writing the rules for every market it serves.

This is already a live experiment, not a forecast. In April, Innovation, Science and Economic Development Canada began deploying Cohere’s North to as many as 1,400 public servants for tasks including decision support. Canada has governed automated decision-making through a Treasury Board directive since 2019, a procurement-layer instrument with algorithmic impact assessments and tiered safeguards and no statute behind it. A country with no AI law is running EU-grade questions through an administrative directive, on a platform whose compliance architecture is being built for German government customers. The directive predates the technology it now governs, and deployment may be outrunning it the way a trade agreement can now expire faster than the diplomacy meant to replace it can be negotiated.

A predictability requirement belongs in any specification for these systems. Under Evans’ Law, the longer a model reasons, the greater the likelihood that a response will be incorrect, until the point at which an incorrect answer becomes more likely than a correct one. The law describes the predictability of coherence collapse, not the reliability of any single output, and placing extended-reasoning systems in consequential government workflows turns that predictability into a procurement question. A reproducibility mandate is, in cost terms, a verification mandate whose burden lands on the deploying institution. The defensible standard is reproducible governance rather than reproducible output: the ability to reconstruct who supplied the model, which version ran, what sources fed the output, whether it was advisory or determinative, who reviewed it, and how a citizen contests the result. None of that requires deterministic models. All of it requires governance architecture, and it describes, requirement by requirement, the product Cohere and others may be commercially obligated to build.

The two strongest objections to this reading deserve their weight. The first says the coalition collapses back to two poles, that the EU has delayed its own high-risk regime, the United States is running a deregulatory campaign and seeking broad preemption of state AI laws, and capability gravity keeps pulling buyers toward the frontier American labs, leaving the sovereign middle as a press-release layer on American silicon and European regulation it did not write. The second says vendor-transmitted standards are fragile, that nothing technically forces a single product line, and that if EU requirements prove commercially heavy Cohere can fork, ship a compliant build to Berlin and a lighter one to cost-sensitive customers, and the standard stops travelling. Both objections have force and both run into the same structural facts. The Canada-Germany alliance, the EuroStack endorsement, the German anchor-customer relationship, and a valuation built on the sovereignty story make forking politically expensive in a way ordinary product decisions are not. The ISED deployment and the Treasury Board directive create a Canadian compliance floor already converging on EU norms from below. And the procurement window on the infrastructure side is open precisely because the alliance is buying now, which means the interoperability standard can be set before fragmentation hardens. The coalition is fragile and it is being built in real time through exactly the channels that make it durable.

Canada Has the Pieces but Is Missing Two

For Canada the framework produces a clear inventory. The country has the vendor in Cohere, the deployment in North inside ISED, and the directive in the Treasury Board instrument. It satisfies several of the six triggers and is missing two specific things.

It is missing the statute, the risk architecture that Triangulated Sovereignty identified as the thinnest part of the structure, which is the regulation trigger left to chance. And it is missing a standardized interface commitment of the kind Eaves argues NATO should write, which is the interoperability trigger left unaddressed, the thing that would keep a sovereign Canadian stack connectable to a sovereign European one rather than letting the two drift into mismatched ammunition.

Both gaps close through procurement language and vendor cost structures faster than through any treaty or statute, which means the standards that will govern the next decade are being set in contracts signed before the laws exist. A government can control the box, with ownership and headquarters and intellectual property all secured, and still lose the loop that defines what the system must do and whether it can talk to its allies. Sovereignty is the ability to inspect, constrain, replace, contest, and connect the system when it matters. Everything else is a logo on the contract.

The map is being redrawn this summer, in Washington where the trade file moved under pressure, in Paris and Dublin where Carney made the case for pooled peer-scale weight, and in Ankara on July 7 where the alliance will confront a digital tail it has not yet learned to standardize. The redrawing runs through procurement and vendor cost structures faster than through any treaty. Canada has the pieces. The clock that matters is running in Heilbronn, in Ottawa, and now in Ankara, all at once.